Nasty Site Hack Leads to Phony Google Links

2009 July 29
by Andy
Thar be nasty scripts here!


Came across a dirty (but interesting) website hack today. Essentially, when a person googled their domain name, they discovered hundreds and hundreds of phony links pointing to a sub-directory of their site (with charming descriptions such as “lesbian hot porn vbulletin” and “sims2 shemale skin”). Clicking on these links displayed a page full of advertisements.

Had a nose around the sub-directory in question and couldn’t find any files corresponding to the links.

Eventually, I found a rogue PHP script (called report.php). Turns out that the .htaccess file in the directory had been modified to redirect any “404 Not Found” errors to the PHP script. Even dirtier still was that when you accessed the script directly in a browser it showed a typical default 404 error, a tactic I guess is there to add confusion when you are trying to find the cause of the hack. Bastards.

Script was base64’d and full of typical randomness meant to slow down those trying to figure out exactly what it’s trying to do. As far as I can tell, it just serves up ad pages when it’s redirected to and the 404 error page when accessed directly.

The ultimate bastardly thing about this hack is that even after you clean up your site, it’ll be ages before the explicit phony links disappear from Google. Another good reason to avoid 777 permissions on directories and keep your web software updated.

Just wanted to make people aware of it. If you come across something similar have a look in the .htaccess file first. :-)

***UPDATE***
The following bash one-liner can help find any files that contain a call to the base64_encode() function. Some legitimate files may be included, but this should help narrow down the list of dirty scripts.

$ find . -type f -print0 | xargs -0 grep -l base64_encode
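
The two checks from this post (look in the .htaccess file first, then grep for base64 calls) combined into one audit script. This is an added example, not code from the original post; it assumes the argument is the site's DocumentRoot, and the names `audit_htaccess` and `make_sample` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list ErrorDocument handlers in
# .htaccess files that point at a local PHP script, as in the hack above.
# Assumption: the argument is the site's DocumentRoot, so a target such as
# /sub/report.php resolves to DOCROOT/sub/report.php.

audit_htaccess() {
    docroot=${1%/}
    find "$docroot" -type f -name .htaccess | while IFS= read -r ht; do
        # Directive names are case-insensitive; only local URL-paths
        # (targets starting with "/") can name a script on this site.
        grep -iE '^[[:space:]]*ErrorDocument[[:space:]]+[0-9]{3}[[:space:]]+/' "$ht" |
        while read -r directive code target rest; do
            path=${target%%\?*}              # drop any query string
            case $path in
                *.php) ;;                    # a script handles this error
                *) continue ;;               # static page: not of interest
            esac
            note=' (script missing)'
            if [ -f "$docroot$path" ]; then
                note=''
                # 'base64_' matches both base64_encode and base64_decode
                if grep -q 'base64_' "$docroot$path"; then note=' base64'; fi
            fi
            printf '%s: %s -> %s%s\n' "$ht" "$code" "$path" "$note"
        done
    done
}

# Constructed sample tree: one hijacked directory, one ordinary one.
make_sample() {
    mkdir -p "$1/blog/sub" "$1/shop"
    printf 'ErrorDocument 404 /blog/sub/report.php\n' > "$1/blog/sub/.htaccess"
    printf '<?php $x = base64_encode("placeholder");\n' > "$1/blog/sub/report.php"
    printf 'errordocument 404 /404.html\nErrorDocument 403 "Forbidden"\n' > "$1/shop/.htaccess"
}

# Usage: sh audit.sh /var/www/html   (with no argument nothing is scanned)
if [ $# -gt 0 ]; then audit_htaccess "$1"; fi
```

Each output line names the .htaccess file, the error code and the script it hands the error to; a trailing "base64" means the handler script also contains a base64 call and deserves a read first.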

Also worth checking out the following links for htaccess tips and tricks:

New Theme

2009 April 29
by Andy

I got a bit sick of the old fusion theme. The new theme is based on the Vigilance Theme by Jestro with some tweaks suggested in an excellent article by Dean Peters along with a couple of tweaks of my own.

Header image is a photo I took atop the cliff at Silver Strand overlooking Galway Bay.

It’s a lot cleaner and I think it’s easier to read, too. Hope you like it!

Shoot First Questions Later

2009 April 29
by Andy


SFQL is a different approach to business networking. Break the ice by playing a few LAN games and having a laugh. Afterwards, head to a nearby pub for some refreshments and have a chance to chat with like-minded people in the tech industry from Galway.

It’s happening May 6th from 7pm in Squareyes, Forster St (near Eyre Square). The cost of gaming is €6.

This is a Digital Media Forum event. The idea was born at the last Digital Media Breakfast in Galway and has been put together thanks to @antonmannering and Squareyes.

Promises to be good craic! Join via the event page so we’ll have some idea of numbers. Thanks! :-)